[Pauldotcom] Scanning of cumulative vulns/patches
jstarkel at gmail.com
Wed Feb 17 21:31:20 UTC 2010
If you can't patch A for some reason, you'd still want to know about B.
Also, what if B is of a higher severity than A? This probably doesn't happen
too often, but could be a possibility.
On Wed, Feb 17, 2010 at 11:17 AM, Albert R. Campa <abcampa at gmail.com> wrote:
> What do you guys think of scanning and reporting of cumulative
> For example, if you have vulnerability A that supersedes vulnerability
> B. Nessus will report both A and B as vulnerable, but for patching
> only Vulnerability A needs to be patched. So why report vulnerability
> B? Should the scanner ignore superseded vulnerabilities? Is the only
> plus to reporting both A and B to have a history of old
> vulnerabilities not patched?
> What about metrics? A and B might be vulnerable but only patch A needs
> to be installed.
> If an admin gets a vuln report with both A and B, can they easily
> figure out oh, this is cumulative, so I only need to install A, or are
> they going to try to install both?
> want to get more opinions on this.
> Albert R. Campa
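The trade-off discussed in this thread, as an added example that is not part of the original messages: one remediation action per patch that actually needs installing, with the superseded findings kept underneath it, the highest severity carried up, and superseded items resurfacing when the newer patch cannot be applied. The `SUPERSEDES` map, the findings and the severity scores are constructed sample data, not scanner output, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data; "A" and "B" are the placeholder names used in the thread.
SUPERSEDES = {"A": {"B"}, "B": {"C"}}  # patch A replaces B, patch B replaces C
FINDINGS = [
    {"host": "srv1", "vuln": "A", "severity": 5.0},
    {"host": "srv1", "vuln": "B", "severity": 9.3},  # superseded but more severe
    {"host": "srv1", "vuln": "C", "severity": 4.0},
    {"host": "srv2", "vuln": "B", "severity": 9.3},
]

def covered_by(patch, supersedes):
    """Everything fixed by installing `patch`, following supersedence transitively."""
    seen, stack = set(), [patch]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(supersedes.get(cur, ()))
    return seen

def remediation_plan(findings, supersedes, blocked=frozenset()):
    """Per host: one action per patch to install, plus findings left unpatched.
    `blocked` holds patches that cannot be applied (assumption for this example)."""
    by_host = defaultdict(dict)
    for f in findings:
        by_host[f["host"]][f["vuln"]] = f["severity"]
    plan = {}
    for host, vulns in by_host.items():
        remaining, actions = dict(vulns), []
        # Try the patch that covers the most open findings first.
        candidates = sorted(
            (v for v in vulns if v not in blocked),
            key=lambda v: -len(covered_by(v, supersedes) & set(vulns)))
        for patch in candidates:
            if patch not in remaining:
                continue  # already resolved by a superseding patch
            fixed = sorted(covered_by(patch, supersedes) & set(remaining))
            # Report the worst severity among everything this patch resolves.
            severity = max(remaining.pop(v) for v in fixed)
            actions.append({"install": patch, "resolves": fixed, "severity": severity})
        plan[host] = {"actions": actions, "unpatched": sorted(remaining)}
    return plan
```

With nothing blocked, srv1 gets a single action for A that still lists B and C and carries B's higher score; passing `blocked={"A"}` turns B into its own action and leaves A listed as unpatched.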